A PRIMITIVE WAY OF USER AUTHENTICATION USING COLOR SCHEME
advertisement
International Journal of Application or Innovation in Engineering & Management (IJAIEM) Web Site: www.ijaiem.org Email: editor@ijaiem.org Volume 4, Issue 3, March 2015 ISSN 2319 - 4847 A PRIMITIVE WAY OF USER AUTHENTICATION USING COLOR SCHEME 1. A. Yugandhara Rao, 2.P. Sudha Rani , 3.P.Sirisha , 4.V. Yashwanth Raju, 5. P. Bhargava Kumar Department of CSE & LIET ABSTRACT Alpha numeric passwords are the most common method used for authentication. Eves dropping, dictionary attacks and shoulder surfing are general attacks. Alternative technique for alpha numeric passwords is graphical passwords. In this project, CaRP (captcha as a graphical password) system with a supportive captcha to increase the remembrance of the password is discussed. In this work, user name contains font style and password with colours along with captcha has been introduced for security purpose. In this system a password consists of sequence of some captcha click points in which user can select his/her captcha click points for authentication. The security provided by the system is better as in these days alphanumeric passwords are more prone to hacking. Many developers have been striving to overcome those hackers. Now due to graphical way of accessing is very easy and more secure. If the user selects the wrong captcha, accessing to the account is restricted. Keywords: Graphical password, font style to user name, colour to the password, captcha. 1.INTRODUCTION The most notable primitive invented is Captcha, which distinguishes human users from computers by presenting a challenge, i.e., a puzzle, beyond the capability of computers but easy for humans. Captcha is now a standard Internet security technique to protect online email and other services from being abused by bots. In this paper, we introduce a new security primitive, a novel family of graphical password systems integrating Captcha technology, which we call CaRP (Captcha as gRaphical Passwords). CaRP is click-based graphical passwords, where a sequence of clicks on an image is used to derive a password. Unlike other click-based graphical passwords, images used in CaRP are Captcha challenges, and a new CaRP image is generated for every login attempt along with user name having font style and password having colour. The notion of CaRP is simple but generic. CaRP offers protection against online dictionary attacks on Passwords, which have been for long time a major security threat for various online services. This threat is widespread and considered as a top cyber security risk [1]. CaRP also offers protection against relay attacks, an increasing threat to bypass Captcha protection, wherein Captcha challenges are relayed to humans to solve. CaRP requires solving a Captcha challenge in every login. Typical application scenarios for CaRP include: 1.1) CaRP can be applied on touch-screen devices whereon typing passwords is cumbersome, esp. for secure Internet applications such as e-banks. 1.2) CaRP increases spammer’s operating cost and thus helps reduce spam emails. 2.RELATED WORK 2.1 Graphical Passwords A large number of graphical password schemes have been proposed. They can be classified into three categories according to the task involved in memorizing and entering passwords: recognition, recall, and cued recall. 2.2 Captcha There are two types of visual Captcha: text Captcha and Image-Recognition Captcha (IRC). The former relies on character recognition while the latter relies on recognition of non-character objects. 2.3 Captcha in Authentication Generally captcha as authentication includes along with password captcha sequence as authentication. It can also be explained as sequences of images are stored along with user name and password. Captcha used with recognition-based graphical passwords to address spyware [3], [4], wherein a text Captcha is displayed below each image; a user locates her own pass-images from decoy images, and enters the characters at specific locations of the Captcha below each passimage as her password during authentication. These specific locations were selected for each pass-image during Volume 4, Issue 3, March 2015 Page 220 International Journal of Application or Innovation in Engineering & Management (IJAIEM) Web Site: www.ijaiem.org Email: editor@ijaiem.org Volume 4, Issue 3, March 2015 ISSN 2319 - 4847 password creation as a part of the password. In the above schemes, Captcha is an independent entity, used together with a text or graphical password. On the contrary, a CaRP is both a Captcha and a graphical password scheme. Captcha is used to protect sensitive user inputs on an un trusted client [3]. This scheme protects the communication channel between user and Web server from key loggers and spyware, while CaRP is a family of graphical password schemes for user authentication. 3.CAPTCHA AS GRAPHICAL PASSWORD 3.1A New Way to Thwart Guessing Attacks In a guessing attack, a password guess tested in an unsuccessful trial is determined wrong and excluded from subsequent trials. The number of undetermined password guesses decreases with more trials, leading to a better chance of finding the password. 3.2CaRP: An Overview In CaRP, a new image is generated for every login attempt , even for the same user. CaRP schemes are clicked-based graphical passwords. According to the memory tasks in memorizing and entering a password, CaRP schemes can be classified into two categories: recognition and a new category. 3.3User Authentication with CaRP Schemes A CaRP password is a sequence of visual object IDs or clickable-points of visual objects that the user selects. Upon receiving a login request, authentication request generates a CaRP image, records the locations of the objects in the image, and sends the image to the user to click her password. 4. SECURITY ANALYSIS 4.1Human Guessing Attacks In human guessing attacks, humans are used to enter passwords in the trial and error process. Humans are much slower than computers in mounting guessing attacks. 4.2Shoulder-Surfing Attacks: Shoulder-surfing attacks are a threat when graphical passwords are entered in a public place such as bank ATM machines. However, combined with the following dual-view technology, CaRP can thwart shoulder-surfing attacks. This can be the further enhancement to this paper. 5.ARCHITECTURE Figure 1 Architecture for retrieving details of a valid user Figure 1 shows the procedure how a user can be validated. During registration user has to enter user name with font style and password with color along with captcha sequence. Again at the time of login user has to prove himself as valid one by entering the font user name, colored password along with previous sequence of captcha. The data entered while registration is stored in database will be checked while login. If content matches then the user is valid otherwise invalid. Volume 4, Issue 3, March 2015 Page 221 International Journal of Application or Innovation in Engineering & Management (IJAIEM) Web Site: www.ijaiem.org Email: editor@ijaiem.org Volume 4, Issue 3, March 2015 ISSN 2319 - 4847 6. SCREENSHOTS FIG: 6.1 Registration FIG: 6.2 User login FIG: 6.3 User entering password and captchA Volume 4, Issue 3, March 2015 Page 222 International Journal of Application or Innovation in Engineering & Management (IJAIEM) Web Site: www.ijaiem.org Email: editor@ijaiem.org Volume 4, Issue 3, March 2015 ISSN 2319 - 4847 FIG: 6.4 Login page FIG: 6.5 For uploading a file using captcha as password 7 CONCLUSION CaRP is both a Captcha and a graphical password scheme. The notion of CaRP introduces a new family of graphical passwords, which adopts a new approach to counter online guessing attacks: a new CaRP image, which is also a Captcha challenge, is used for every login attempt to make trials of an online guessing attack computationally independent of each other. Overall, our work is one step forward in the paradigm of security. CaRP has good potential for refinements, which call for useful future work. More importantly, we expect CaRP to inspire new inventions of security primitives. REFERENCES [1] HP TippingPoint DVLabs, Vienna, Austria. (2010). Top Cyber Security Risks Report, SANS Institute and Qualys Research Labs [Online]. Available: http://dvlabs.tippingpoint.com/toprisks2010. [2] M. Szydlowski, C. Kruegel, and E. Kirda, “Secure input for web applications,” in Proc. ACSAC, 2007, pp. 375– 384. [3] H. Gao, X. Liu, S.Wang, and R. Dai, “A new graphical password schemeagainst spyware by using CAPTCHA,” in Proc. Symp. Usable Privacy Security, 2009, pp. 760–767. [4] L. Wang, X. Chang, Z. Ren, H. Gao, X. Liu, and U. Aickelin, “Against spyware using CAPTCHA in graphical password scheme,” in Proc. IEEE Int. Conf. Adv. Inf. Netw. Appl., Jun. 2010, pp. 1–9. Volume 4, Issue 3, March 2015 Page 223
